Last couple of months I have found myself giving several talks on privacy. This isn’t exactly news as I have been banging on that drum for ages, but there does seem to be more interest in privacy and requests to talk about the topic.

This may be because people are realising how elusive privacy becomes as the web platforms are turning the screws on user data they have accumulated. I am looking at you, Facebook, though Facebook is not the only perp in town…

The first talk on the topic, which I enjoyed very much was the one I gave in June to the Oxford Libertarian Society. I tried to cover various notions of privacy and argued that privacy is to identity what freedom is to morality – the latter can’t exist without the former. Here’s the text in full.

My second recent talk on privacy was at LIFT France 2010, as part of the session called Privacy Revisited, Protect and Project with Daniel Kaplan, the founder of FING and Alma Whitten, Google’s Engineering Lead for Privacy. It is a sign of a good session where one learns much from the other speakers. After watching Alma’s interesting presentation, it occurred to me that in the world of web platforms and clouds, even ones that are trying to be benign, privacy boils down to something I should have opened my talk with…

Privacy is never having to delete things you don’t want anyone to see.

Insult, berate and make fun of any company that offers you something like a “sharing” site that makes you push stuff in that you can’t make copies out of or which you can’t export stuff out of. They will burble about technology issues. They are fucking lying. They might go off further about business models. They are fucking stupid. Make fun of these people, and their shitty little Cloud Cities running on low-grade cooking fat and dreams. They will die and they will take your stuff into the hole. Don’t let them.Jason Scott of ASCII in Fuck the Cloud

Talking to Doc earlier this week, I tried to explain my unease with various interpretations of VRM that come thick and fast as the concepts gain traction by identifying the fundamental problem.*

It is the assumption that “the individual needs to be provided for” that I see everywhere other than on the social (or live) web where the demand side can, and often does, supply itself, where users can and often do become creators, where the audiences have become distributors, and intermediaries of all kinds are melting away from decentralised networks and direct connections. Alas, even on the web, it’s not all P2P roses – my online existence is scattered across many platforms, Google, WordPress, Flickr, Dopplr, Twitter, and many more.

Most VRM approaches or implementations I have seen involve a third party as a provider. I believe we first need to focus on changing the relationships between individuals and companies or institutions. First comes redressing the balance – manually, as it were – by helping individuals relate to companies in ways that change companies’ behaviour.

Most of all, I want to avoid using technology to address a non-technology problem, using automation or aggregation for the aspects of relationships which should be processed by a human mind. I want to avoid jumping straight into ‘industrial’ processing of data treasures found on the customer side. We need a more balanced relationships with vendors and institutions, with different tools and possibly rules of interaction. Then we can look at ways to rationalise the technology and processes that help us create and maintain those relationships.

The most common solutions for providing individuals with online services are based around centralised databases or platforms. They are suspect on security and privacy grounds even though they may be created by a trustworthy party. So, any framework or structure provided by a third party that is meant to provide a place for individuals to create, gather, manage and share data as well as allowing a degree of aggregation, connectivity, will have to have in-built checks and balances as it may ultimately expose individuals to potential data-mining (whether the more private among us like it or not!). The challenge is to separate the data storage provider and a services/application provider. If I let someone store or back up my data – reluctantly admitting it may still be necessary for now – I would want them to store my data only, and not push or even provide any other apps based on that data. I should then be able to choose and apply whatever application I want, to my data, at my convenience.

Jason Scott of ASCII has a juicy way of putting this:

This is about your data. This is about your work. This is about you using your time so that you make things and work on things and you trust a location to do “the rest” and guess what, here is what we have learned:

If you lose your shit, the technogeeks will not help you. They will giggle at you and make fun of your not understanding the fundamental principles and engineering of client-server models. This is kind of like firemen sitting around giggling at you because you weren’t aware of the inherent lightning-strike danger of improperly bonded CSST.

Since the dawn of time, companies have hired people whose entire job is to tell you everything is all right and you can completely trust them and the company is as stable as a rock, and to do so until they, themselves are fired because the company is out of business.

You are going to have to sit down and ask yourself some very tough questions because the time where you could get away without asking very tough questions with regard to your online presence and data are gone.

And his advice further into the wonderful rant is even juicier:

Insult, berate and make fun of any company that offers you something like a “sharing” site that makes you push stuff in that you can’t make copies out of or which you can’t export stuff out of. They will burble about technology issues. They are fucking lying. They might go off further about business models. They are fucking stupid. Make fun of these people, and their shitty little Cloud Cities running on low-grade cooking fat and dreams. They will die and they will take your stuff into the hole. Don’t let them.

The singular force that can drive this transformation of every manmade thing for the better is neither government fiat nor the standard tactics of environmentalists, but rather radical transparency in the marketplace. If we as buyers can know the actual ecological impacts of the stuff we buy at the point of purchase, and can compare those impacts to competing products, we can make better choices. The means for such radical transparency has already launched. Software innovations now allow any of us to access a vast database about the hidden harms in whatever we are about to buy, and to do this where it matters most, at the point of purchase. As we stand in the aisle of a store, we can know which brand has the fewest chemicals of concern, or the better carbon footprint. In the Beta version of such software, you click your cell phone’s camera on a product’s bar code, and get an instant readout of how this brand compares to competitors on any of hundreds of environmental, health, or social impacts. In a planned software upgrade, that same comparison would go on automatically with whatever you buy on your credit card, and suggestions for better purchases next time you shop would routinely come your way by email.

Such transparency software converts shopping into a vote, letting us target manufacturing processes and product ingredients we want to avoid, and rewarding smarter alternatives. As enough of us apply these decision rules, market share will shift, giving companies powerful, direct data on what shoppers want — and want to avoid — in their products.

Creating a market force that continually leverages ongoing upgrades throughout the supply chain could open the door to immense business opportunities over the next several decades. We need to reinvent industry, starting with the most basic platforms in industrial chemistry and manufacturing design. And that would change every thing

The article seems to imply that the data is out there in a form or format provided via some centralised source. My immediate reaction was that is not how the social web or the Live Web works: a) data is generated by anyone and everyone and b) it’s messy and the context emergent.

Technology and tools should serve us better and help us, as individuals, to filter and structure that information. Somehow, even in the best case scenario, I don’t see everything on tap from a unified source. Or digested, which is an uncomfortable implication that leaps out of the piece at me.

For example, assessing environmental or health impact of anything is subject to years, decades even, of debate, controversy, lobbying, vested interest, political play… and so it seems to me that the only way I can get information clear enough for making decisions is to ’subscribe’ to a particular view via sources promoting it. Of course, I can get a more balanced take on everything these days by finding alternative views somewhere on the web but I am not sure I want to stand in the supermarket, trying to follow a potentially heated and complicated online debate about the impact of the washing liquid I am about to put in my basket. Can technology speed up and simplify this process to the point where it becomes practical, without losing context for delibration in the process? That is one of the questions I ask myself whenever I come across yet another tool to help us search, compare, aggregate or match information online.

That said, information about nutrients and other non-controversial data of interest to me is easy enough to provide and sadly, this is where most vendors do fall short of what’s possible with existing technology. The operative word here is non-controversial, which is the trojan horse of any implementation of such resource(s). I mean that even what is meant to be gathering of ‘encyclopedic’ knowledge can be controversial at times. Trying to do that with live streams of information means that the checks and balances must reside in the context, not the source itself.

At the more fundamental level, the web and information technology made data cheap. It is the context to data that got expensive, in time and social interactions. On the web the best context costs you time spent browsing and researching and/or time spent cultivating a quality network to supply you with context as you need it. Here I elaborate:

The web has removed physical limitations on space. Data was expensive to create, store and move around and now it is not. This made room for context, which is becoming at least as important as the data. In fact, it is what make data and information the skeleton, giving shape to the flesh and skin but it is no longer the whole body and finish. The important thing is that context can be provided only by a human mind. It cannot be automated – when creating or absorbing it.

Update: The Guardian advert making similar point with regard to media and interpretations of ‘facts’ one sees.

It comes down to whether you prefer context to be provided by:

automated algorithms a la Google and the thousands aggreation sites,

trusted sources including vendors, manufacturers, even third parties and intermediaries, or

your network of friends aka social network

The answer is obvious.

It depends! We use all three at different points in our information gathering, sharing and exchange and transactions. The challenge for VRM is to understand advantages and disadvantages of all three and encourage development of tools that give me, the individual user or customers, the best of all three.

My bet is on no.3. I want to help individuals to capture both data and context on their own terms. This will give rise to another layer of knowledge that serves both the individual and his network. For example, I want to collect data about my shopping, with my own comments and with sources of information useful to me. I want to have pictures of products I have bought, links to reviews by others and my own, comments by friends in my network, record of interactions with the vendors and third parties etc etc. I want it in a place I can further analyse it and share it based on my privacy requirements.

With time, all this can become a source of better understanding of my own behaviour and preferences, and, with practice, a better negotiating position in future transactions. In other words, I will be the most authoritative source of my own history, with data, information and knowledge about me.

My immediate reaction was, hey, that’s a better way of naming something that is meant to give control to a customer. CMR started from the same position as VRM, which is flipping CRM:

Who invented the term “Customer Relationship Management” or “CRM”? Who cares I hear you mutter in response. Well for those of you who think you invented the term it probably matters. For those of you trying to make CRM work you might like to get hold of and strangle them!!

I second that motion!

Just imagine if all the marketing spend that went into getting CRM onto the board’s agenda had gone into CMR instead. For those of you who believe in neurolinguistics (i.e. something along the lines of “the words you use show what you are thinking”) using the term CMR would mean that the board actually thought the customer was in control, that the customer managed the relationship.

But what is Customer Managed Relationship? CRM Today article explains:

CMR is three things:

An ability to rethink, to reshape your organisation and its knowledge so that it is at the disposal of your customers

Internet enabled management tools which customers use to get what they want

An ability to react to the information being generated and used by customers in order to increase profitability

So far, so good. And the benefits?

If executed well CMR generates three major benefits over CRM:

It is easier to implement because the customer is doing the complex stuff

It creates lock in since customers having invested their data with you will not move easily

It allows you to move faster than your competitor since you are in a trusted relationship with your customer

This seems at least halfway to what VRM is trying to achieve. The benefits are spelled out only from the vendor side, given the audience of the article not surprising and there are examples of how a customer would benefit from having his tax done via a CMR system. It also gets the ‘why not outsource data management to customers’ bit right, again from the company perspective.

The catch is in the benefit no. 2:

“It creates lock in since customers having invested their data with you will not move easily.”

One of the VRM principles is that a free customer is more valuable than a captive one (scroll down to the bottom of the page. Alas, Project VRM site is down so can’t link directly. Will remedy as soon as back up again). So it seems that CMR hasn’t really moved from lock-in as the holy grail of customer management and retention. Be that as it may, so far, I’d give CMR from vendor perspective 8 out of 10, from customer perspective 5 out of 10, for the insistence on customers owning their data:

… customers should own their own information including their profile, transaction history, and any inferred information such as marital history and even behavior.

Two further issues leap out.

It’s all on vendors’ side and as a customer I am not meant to be independent of them.

There is no incentive for companies to implement and change the balance of power. They may want the benefit of data management and its complexity ‘outsourced’ to the customer but giving up any control goes against most companies instincts and systems.

The first is where CMR differs VRM at the first glance already, the second is often raised about VRM as a criticism.

And now for the vision:

I’m now living in a CMR world. I have tools with which to manage the big picture of my finances. I get best offers all the time. If service levels are not good I get to know before I buy by asking other customers of the companies concerned. These financial services companies are now wholesalers or manufacturers or advisors. The whole clearing system is a subset of this system. Banks do not do that anymore. Of course I need some cash sometimes but that’s getting rarer because my PFA (personal financial assistant – Laura) can’t track it for me, so I have to enter stuff manually. That will never die out though since lots of people still want anonymity for many things. Financial service always was an oxymoron!

I must say, this sounds awfully like most of the VRM ideas I hear from people hanging around the project, namely, various matching services, automation or aggregation, platforms for customers communicating with other customers, clearlng systems etc. They usually set off my lock-in detectors fast but this gets my warning alarm blaring full blast:

The system networks all the relevant knowledge, process and contact I need. It is regulated and government backed. For the moment government owned. They’ve made more money out of online tax collection and the equity value they have in than the national lottery and the G3 licenses put together.

The hardest part they had to play was to persuade all the vested interests to set up the new system and to select smart, sharp operators who could build and operate such a scaled up system in the new technologies.

Apart from the glaring ‘government-owned’ issue, there is another major problem I have with this approach, and with many other VRM implementations. It is the assumption, explict or implicit, that the individual-customer-user has to be provided for. And that this can or should be done by a third party service, system or platform. And that in order for us as individuals to be able to do anything sensible and useful with our data, or in order to be secure, or private or whatever else we might want, we have to turn to the ’supply side’. And finally, among those subscribing VRM vision, the assumption that solutions will come from the vendor side or that vendors will have to be sold on this first, in order to reach users and make VRM happen.

I see this assumption not only around CMR or VRM but everywhere other than the social or live web. It is a place where the demand side can and often is supplying itself, where ‘users’ can and often become ‘creators’, audience have become distributors, and intermediaries are melting away in decentralised networks and direct connections of all kinds. Alas, even on the web, it’s not all P2P roses. My online existence gets scattered across many platforms, google, wordpress, flickr, dopplr, twitter, and many more.

I have reached the limits of usefulness for apps that give me nice functionality but take away my ability to manage data across my entire ‘identity’. As I said elsewhere, the collection of tools should be clustered around the user, not around platforms or applications. It all starts with the individual. And as an individual user, I want a range of applications to manage my data, metadata, identity etc so I, and hopefully other similarly motivated users, can get on with learning how to control and manage our ‘identity’.

Individuals with independent tools, networked and informed, will be able to capture and manage information about themselves and about vendors. Once people can do that – manage their data, relationships, identities, purchase histories, their records, locations and god knows what – then more cool things will start to happen. And it will be those cool things that will ultimately determine the direction vendors should be looking.

To sum up, the article on CMR hits a few of the targets VRM is aiming at too. It calls for giving greater control to customers over their data as well as proposes that businesses arrange themselves better around customer needs. In order to achieve this laudable goal, it looks to businesses for solutions and implementation, assuming third party providers, intermediaries and closed proprietary platforms to build the CMR world. There is nothing about individuals’ sovereignty over data rather than access to it, no room for user-driven tools, only managed on my user’s behalf or user-centric at best, or user’s privacy and security policy.

One of the fundamental building blocks of VRM is the ability of individual users to take charge of their data instead of managing them via a platform and ‘trading’ that data for the functionality that the platform might provide. Once I have it in my hands, I can manage, analyse and whatever else I wish to do with them, applying various functionality directly*. And share and interact with others in ways richer than platforms currently allow. It might be messier to start with but closer to human affairs in its complexity. And that is a Good Thing.

I want to be able to connect and create relationships without lock-ins (other than the ones that some relationships bring with them naturally ). I don’t believe I will be able to do that unless the tools are built around me, for me and eventually by me. Blogging took off when people could set up a page and start publishing in a way previously available only to geeks with HTML skillz. Today I can do more things with my blog than just publish – tag, add videos, plug-in more functionality etc. with the underlying technology invisible to me now. So I want tools and applications that will help me do all that for transactions as well as relationships. Eventually.

—–
* My contribution to this aim is the Mine! project set up to equip individuals with tools to take charge of their data (content, relationships, transactions, knowledge), arrange (analyse, manipulate, combine, mash-up) them according to their needs and preferences and share them on their own terms whilst connected and networked on the web.

I am pursuing the user-driven approach where my data is neither in the hands of the second party (the vendor) nor a third party (intermediary or service provider). This is a practical requirement if I am to exercise greater control over my data and autonomy over sharing it. And that is what I set out to enable with Mine! as best I can.

I have been thinking about how social software and social networking platforms actually limits my ability to be social…

But isn’t social networking all about being social? Not quite. At the moment, I don’t drive who gets to see what beyond simple decisions about who is ‘in’ and who is ‘out’. Social interactions and relationships are far more granular than social networks allow them to be. Usually, this is seen as a privacy issues and results in a complicated access management e.g. Facebook privacy settings.

Why do we have our relationships pre-determined by others such as Facebook, Flickr, Plaxo etc.? Presumably to give us more ‘control’ over our social network and contacts in it. But how is lumping people into categories imposed by an application helping me to be social? By determining the types of relationships I am able to have – business contact or colleague, family or friend, I am not able to reflect relationships I already have. The best social software is not online, it is loaded on to my cortex. And no software can fully map the relationships, let alone replace our natural ability to create and maintain them.

Privacy is merely the other side of the coin of complexity in human relationships. My ‘privacy settings’ are inherent in my behaviour. My privacy policy should not be embedded in any software. In that sense, software cannot be social (or antisocial), though it can help me be more or less social. Software privacy settings limit my ability to be truly social i.e. capable of maintaining complex relationships and interactions with others – arguably the purpose of such tools.

Here are some thoughts based on what I posted to the Project VRM mailing list on the discussion about data ownership:

The ownership of data, whatever that means, is merely a starting point of VRM and our attempts to redress the balance of power between vendors and customers. I might volunteer information – to me that means I share it on my own terms – but I also need the ability to establish and
maintain relationships. For that I (others may not) need and want
the following ‘functionality’:

This does not happen by creating a database or a data store, however personal. Store implies passive and static, even with some sort of distribution. The objective is equipping individuals with analytical and other tools to help them understand themselves better and give them an online spring board to relationships with others (in VRM context this includes vendors).

I think it’s the user who should define the nature of the data stored/shared/analysed and what data is called what – whether confidential or premium or whatever. The crucial point is being able to share it (as well as do all sorts of groovy things with it, independently of third party and without the data being hijacked, er, harvested by third parties in the process.)

In the spirit of user-driven-ness, it should be the user who determines the ‘policies’ by which his or her data is managed and shared. I don’t see why they need to be standard(ised) as my sharing preferences and tolerance are a matter of my policy* – just like security and privacy are policies, not systems, i.e. what’s secure or private to me is not necessarily the same to you and vice versa.

What happens after information/data/whatever is shared is partly provenance of the law but mostly of a relationship I have with those the data is shared with… The main issue with the latter is that it can become meaningful only if the user is the most authoritative source of his or her data. Hence I call the means of doing this the Mine!…

—-
*My take on privacy is that it is a policy of the individual, not in a sense of privacy policy for the individual selected from a given selection, in the style of Creative Commons. Huge difference. For instance, I have a policy about who I let into my house. I don’t need to display it on my doors or attach it to my address or business cards. It is far more convenient and flexible for me to decide there and then, when someone’s knocking at the door. It is my implicit privacy policy that kicks in. Sure, I don’t want junk mail or door-to-door salesmen but just because I can display notices to that effect, doesn’t mean that is the way to deal with the rest of the humankind. So online, it is about creating tools that help the individual control the data to the point that he/she decides practically and directly who gets to see what – without a third party or intermediary…

People aren’t interested in medical records, they’re interested in getting well, and staying well. People aren’t interested in bills and receipts, they’re interested in knowing that they did what they said they will do, or that they received what they expected to receive. People aren’t interested in financial statements, they’re interested in what they can do as a result of the security that income and savings and insurance and pensions. People aren’t interested in TV or radio schedules, they’re interested in watching things and listening to things. People aren’t interested in share prices and market movements, they’re interested in the things they can do as a result of performing their jobs well. It’s not the information that matters, but what we can do as a result.

Worth remembering when designing any tool for people to help them do something useful.

Eran of Hueniverse has extrapolated 10 helpful rules from his obviously extensive experience of web communities and projects. They seem excellent to me and so I’ll reproduce them here in full for future reference:

Community efforts must adhere to the same rules startups use when trying to build something new. They must be focused, have a clear plan on how they are going to accomplish their goals, and what it is going to take to get there. With that in mind, here are my 10 rules for community driven open-web projects:

Know what you are trying to solve. Start with a single sentence description of the problem you are going to solve. Stop wasting people’s time by writing long essays about the philosophy of your project and ideas. The more narrow your problem the better. Define the outcome and the most important characteristics.

Find the right people. Before you open a project to the public, hand pick those you want to be involved. Like any successful business, community efforts must have a strong foundation which is created by getting the right team together. In a way, you are going to need to put a team in place as if you are not building a community at all. It is rare for community members to do more than provide feedback, so you will still need a core group to get stuff done.

Make it easy for people to join. Don’t start with a wiki, a blog, a group, a website, and a meetup. Pick the one format that works best for your idea. Writing code? Pick a developer oriented solution. Writing specs? A group is all you need. At some point when your project matures, you will need all those other tools, but starting with it just because it makes your project look more real, actually makes it look stupid. If people need to check out 5 different sites to catch up, they will either leave, or contribute the wrong resources.

Don’t be too nice or too democratic. I’m a big believer in enlightened dictatorship, and it is something every community needs. Give a tiny group of people, 3-5, the power to manage the project, make final decisions, and keep the community on track. It will piss off some people, and they are sure to – you guessed it – start their own new projects that are even bigger and cooler. But your project will stay on track. There is a limit to making decisions by taking votes.

Set deadlines. Open-ended projects have no motivation to get anything done. Set timelines and do your best to make them. Don’t go too far into the future, and try to limit your effort to few deliverables. People need to see progress to continue putting time into the project.

Don’t branch out too soon. Almost every single project I read about already has sub-projects going before anything was accomplished. If a member of the community has an idea that doesn’t fit right now, or at all, a better idea is to put it off, rather than split the community resources. This is where #3 comes in – don’t let people hijack your community for their own agenda.

Let your project grow organically. It is funny how everyone talks about viral marketing but rarely apply that to their own efforts. Letting people find out about your project through members and by experiencing the results of your project is always better than posting about it in every blog comment and other community. If people join a group that has accomplished nothing, they are more likely to try and take over, shift the conversation, and generally have little respect towards the leaders. #3 is easier when people respect you.

Start with an accomplishment. Starting with an idea or goal is nice, but rarely gets things done. Write some code, a spec draft, a site prototype – anything – just something others can relate to. Point of reference is the single most powerful tool for getting productivity out of a community.

Don’t be afraid to end a project. If for some reason an effort has not worked out, or did but reached its objectives, don’t recycle the community or force more deliverables just because you have everyone in one place. Most ideas will fail simply because that is the nature of human invention. Recognize that and know when to shutdown a project. The beauty of the internet is that you get to leave behind whatever outputs were created, and that by itself can be a useful lesson. Stale projects are like stale milk. You never buy a one because when you open the fridge it looks like you have milk, and meanwhile that milk is starting to smell.

Know what you are trying to solve. The first rule is so important, it needs to be repeated. The people you want and need to make your project successful are usually the ones with very little free time. Just like getting funding for a startup, you need to sell them the idea and it needs to be very specific. Remember, you can always get one problem solved and pick another.

Change is driven by need, and so far, the needs of the open social web has not been fully figured out. We don’t need projects to talk and discuss ideas, and we don’t need to give them big names.

Note: There are a couple of issues I have with Eran’s approach to the proliferation of often mismanagement and sometimes pointless web projects – the answer is not to sit it out or wait. Change and improvement happens because someone got pissed off and did it right.

We’re looking for the mouse. We’re going to look at every place that a reader or a listener or a viewer or a user has been locked out, has been served up passive or a fixed or a canned experience, and ask ourselves, “If we carve out a little bit of the cognitive surplus and deploy it here, could we make a good thing happen?” And I’m betting the answer is yes.
- Clay Shirky, Gin, Television, and Social Surplus

The adblocking revolution is months away (with iOS 9) – with trouble for advertisers, publishers and Google | The Overspill: when there’s more that I want to say “discussion of this post on Hacker [...] […]

Contact us – Simply Secure Contact us To join the conversation about usable security, follow us on Twitter (@simplysecureorg) or join us on Slack (email slack@simplysecure.org Posted from Diigo. The rest of my favorite links are here. […]